Security expert Sean Sullivan says he's not surprised that the 2014 breach of Yahoo, which exposed at least 500 million account details, only recently came to light.

That's because multiple other sites - including Dropbox, LinkedIn, MySpace and Tumblr - also were either greatly delayed in discovering they'd been breached or they dramatically underestimated how badly they'd been breached, notes Sullivan, who's a security adviser at Finnish security firm F-Secure.

Sullivan adds that it's quite likely that Yahoo wouldn't have fallen victim to such an attack, or at least a breach of this severity, if it were targeted today, thanks to security changes put in place since 2014. "The revelations from some of the documents that Edward Snowden ... disclosed really kind of woke up Silicon Valley to securing their systems not just from outside threats, but also from internal [threats]," he says. Snowden-related leaks began in 2013, which was the same year that a watering hole attack against the popular iPhoneDevSDK site for iOS developers led to the compromise of Apple, Facebook, Microsoft and Twitter, among others.

Those incidents were a wake-up call for technology firms to better secure their data, and Sullivan says that subsequently, Yahoo began using better encryption for its passwords, offering users two-factor authentication and encrypting users' security questions and answers.

In this audio interview with Information Security Media Group, Sullivan also discusses:
